2020/2021 has created the prefect storm for hackers; a reliance on technology as a result of the COVID-19 pandemic means that it can be easily used for illegal purposes. End-users these days are also more vulnerable working from home or remotely as they are separated from their work colleagues and outside secure networks.
The recent HSE cyber-attack has brought to the fore the increasing threat of the file-encrypting malware known as Ransomware. In light of the attack on the Irish health service, supportIT has put together this piece to help organisations recognise ransomware and put processes and tools in place to help prevent a potential attack.
What is ransomware?
Ransomware is a form of malware attack in which the attacker locks and encrypts the victim’s data, important files and then demands a payment to unlock and decrypt the data. This type of attack takes advantage of human, system, network, and software vulnerabilities to infect the victim’s device—which can be a computer, printer, smartphone, wearable, point-of-sale (POS) terminal, or other endpoint.
This specific kind of malicious software is used for extortion. Ransomware typically spreads via spam or phishing emails, or It also can be spread through websites. When a device is successfully attacked by ransomware, it locks all files it can using strong encryption and then a ransom demand with payment details is displayed to the victim on the screen.
How do you protect your organisation against Ransomware attacks?
Appoint a Security Champion – It is important that organisations to have a security champion internally. This person should share security trends and threats and ensure good security practices. are part of the organisation culture.
Ensure your organisation has Security Policies and Procedures in place – Have clear policies and procedures around passwords, BYOD (Bring Your Own Devices) and Internet/Email usage. Also, build non-compliance clauses into HR documentation so that staff are aware of the implications of not adhering to good IT security practices. Here is a sample cybersecurity policy.
Security Awareness Training
- At new employee induction, outline the security measures the organisation has in place and explain their importance. Often users don’t like to wait for computer (windows) updates or using two-factor authentication, but if they understand why they are in use they are more likely to build them into their own IT practices.
- There are many security awareness training videos that can be used for security awareness purposes (Check out Webroot on the BrightTalk Channel). Be sure to build one or two of those into your HR induction to highlight the importance of good security practices.
- If a potential scam email comes into the organisation, highlight it so staff can know what to look out for.
Have a clear process for reporting potential phishing attempts
If a user gets a potential scam email and they didn’t click on anything within the email they should simply report it to your email client to block similar emails from that source.
If a user has clicked on anything within the email, like a link or a PDF, they should un-plug their computer from the network to stop it spreading and log the issue with their provider immediately.
If the user is working from home they should still report the issue immediately because the virus could potentially infect the network the next time the machine is in the office.
IT Security Tools for your organisation
There are a myriad of tools, both paid and free, that can be used to guard your organisation:
- Multi Factor or 2-Factor Authentication should be enabled across all applications.
- End-Point Protection – Ensure that all your user and network devices are updated and patched using end-point software.
- Anti-Virus – an adequate Anti-virus, preferably one with built-in Ransomware protection, will help guard your device.
- Security Awareness Training – Webroot Security Awareness Training simulates Phishing Attempts to highlight potential scams.
- Advanced Email Security – Google and Office 365 have built-in Advanced Email Protection (ATP) tools that can be enabled.
- Communications Security – Choose Firewalls, like SonicWall, with Unified Threat protection. Also ensure that your Wifi monitors for threats and is split for guest users to protect the network.
- Data Loss Protection – this can be enabled through Office365 or Google.
- Enable Encryption – If a laptop falls into the wrong hands and it has encryption, it means your data is protected.